Lucene search
K
RedhatcveMost viewed

206309 matches found

RedhatCVE
RedhatCVE
added 2022/07/12 10:14 a.m.59 views

CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.2AI score0.00361EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/05/18 10:42 p.m.59 views

CVE-2022-1473

A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability. Mitigation Red H...

7.5CVSS1.6AI score0.02386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/11 7:8 p.m.59 views

CVE-2022-1622

An out-of-bounds read vulnerability was found in Libtiff's LZWDecode function in libtiff/tiflzw.c. This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing...

5.5CVSS4.5AI score0.01684EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/05/07 1:58 p.m.59 views

CVE-2022-0235

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

8.8CVSS3.4AI score0.01646EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/05/05 6:24 a.m.59 views

CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength function of the pcre2jitcompile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers...

9.1CVSS3.7AI score0.02413EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/20 8:23 a.m.59 views

CVE-2022-21476

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

7.5CVSS2.2AI score0.03825EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/20 5:24 a.m.59 views

CVE-2022-28739

A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read...

7.5CVSS3.3AI score0.04127EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/04/13 9:22 a.m.59 views

CVE-2022-29041

A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with...

6.4CVSS2.6AI score0.00825EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/04/11 5:32 a.m.59 views

CVE-2022-22629

A buffer overflow vulnerability was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution...

8.8CVSS5.2AI score0.03668EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/04 4:26 p.m.59 views

CVE-2022-27943

A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangleconst function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a...

5.5CVSS5.6AI score0.00892EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/03/23 9:3 p.m.59 views

CVE-2022-24772

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

7.5CVSS3.7AI score0.01015EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/22 5:41 p.m.59 views

CVE-2022-24731

A path traversal flaw was found in ArgoCD. This flaw allows an attacker who has been granted create or update access to applications to leak the contents of any text file on the repo-server by crafting a malicious Helm chart. Such text files could include sensitive information that the attacker...

6.8CVSS4AI score0.00923EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/03/21 4:34 p.m.59 views

CVE-2022-23710

A flaw was found in Kibana’s data preview pane. This issue allows a Cross-Site scripting attack...

6.1CVSS3.5AI score0.00759EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/15 7:48 a.m.59 views

CVE-2022-0924

A heap buffer overflow flaw was found in Libtiffs' cpContigBufToSeparateBuf function of the tiffcp.c file. This flaw allows an attacker with a crafted TIFF file to trigger a heap out-of-bounds read access issue, causing a crash that leads to a denial of service...

6.1CVSS6.2AI score0.0133EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/02/25 8:0 p.m.59 views

CVE-2022-24615

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library...

5.5CVSS4AI score0.00698EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/25 3:18 p.m.59 views

CVE-2022-26126

frrouting is vulnerable to a flaw that can cause stack overflow due to processing binary data as simple string data. Since c string data is not being processed when processing packets , correct binary aware functions should be used. There is high impact to availability due to the fact that the...

7.8CVSS4.1AI score0.01068EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/02/22 11:31 a.m.59 views

CVE-2022-23308

A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XMLPARSEDTDVALID option and without the XMLPARSENOENT option, resulting in a use-after-free issue...

8.1CVSS8AI score0.0601EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/17 3:48 p.m.59 views

CVE-2022-25308

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service...

7.8CVSS4.3AI score0.00508EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/02/11 11:49 a.m.59 views

CVE-2022-21713

An Insecure Direct Object Reference IDOR vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...

4.3CVSS0.7AI score0.01185EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/02/08 7:14 p.m.59 views

CVE-2022-219862

A vulnerability was found in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service...

7.5CVSS5.2AI score0.03739EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/01/31 3:6 p.m.59 views

CVE-2021-44141

A vulnerability was found in Samba due to an insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named or directory exists on the filesystem outside the exported share. This flaw allows a remote...

6.5CVSS5.5AI score0.01097EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/27 5:28 p.m.59 views

CVE-2022-21363

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...

6.6CVSS4.9AI score0.0132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/24 5:32 p.m.59 views

CVE-2022-22824

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

9.8CVSS2.1AI score0.03376EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/24 4:56 p.m.59 views

CVE-2022-20612

A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...

4.3CVSS2.1AI score0.01779EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/13 6:46 a.m.59 views

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS2AI score0.37951EPSS
Exploits7References3
RedhatCVE
RedhatCVE
added 2022/01/12 11:23 p.m.59 views

CVE-2022-22748

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...

6.5CVSS1.6AI score0.00737EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/01/12 11:23 p.m.59 views

CVE-2022-22751

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...

8.8CVSS2.1AI score0.0087EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/12/23 9:11 p.m.59 views

CVE-2021-4158

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Mitigation Mitigation for this issue is either not available or the currently...

6CVSS1.6AI score0.00375EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/12/21 12:20 p.m.59 views

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

4.3CVSS3.6AI score0.01268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/11/22 8:20 p.m.59 views

CVE-2020-17049

It was found that the Kerberos Key Distribution Center KDC delegation feature, Service for User S4U, did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user...

9CVSS7.5AI score0.13794EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/11/11 4:27 p.m.59 views

CVE-2021-3947

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvmechangednslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

6CVSS5.6AI score0.00312EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/10/22 4:44 p.m.59 views

CVE-2021-42762

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact...

8.8CVSS1.9AI score0.00501EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/10/11 5:12 a.m.59 views

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8CVSS4.2AI score0.00515EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/24 10:45 a.m.59 views

CVE-2021-41073

A flaw was found in looprwiter in fs/iouring.c in the Linux kernel. This problem gives the ability to a local user with a normal user privilege to free a user-defined kernel space buffer. Mitigation Mitigation for this issue is either not available or the currently available options dont meet the...

7.8CVSS2AI score0.01692EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2021/09/17 6:35 p.m.59 views

CVE-2020-21533

In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to the usage of fgets. This leads to a denial of service, impacting availability of the program...

5.5CVSS4.3AI score0.00838EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/09/07 11:37 a.m.59 views

CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS4.3AI score0.0142EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/06 5:22 p.m.59 views

CVE-2021-39256

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.2AI score0.00455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/06 5:22 p.m.59 views

CVE-2021-39252

The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS2.1AI score0.00426EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/08/25 6:58 p.m.59 views

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

6.5CVSS2.6AI score0.05918EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/08/24 2:18 p.m.59 views

CVE-2021-39358

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

7.5CVSS3.7AI score0.01469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/18 4:32 p.m.59 views

CVE-2021-31556

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob...

9.8CVSS3.7AI score0.01615EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/08/12 10:51 a.m.59 views

CVE-2021-22939

A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...

5.3CVSS1.4AI score0.1473EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/08/11 4:20 a.m.59 views

CVE-2021-29989

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.13,...

8.8CVSS2.9AI score0.01268EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/10 9:50 p.m.59 views

CVE-2021-2412

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS1.8AI score0.02088EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/10 9:50 p.m.59 views

CVE-2021-2372

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS2.1AI score0.02956EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/05 8:57 a.m.59 views

CVE-2021-31291

A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute cod...

4.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/08/05 8:50 a.m.59 views

CVE-2021-31292

A flaw was found in exiv2. A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. The highest threat from this vulnerability is to service...

7.5CVSS2.7AI score0.02555EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2021/07/02 4:45 p.m.59 views

CVE-2021-21705

A flaw was found in php. Currently, php's FILTERVALIDATEURL check doesn't recognize some non-compliant RFC 3986 URLs and returns them as valid. This flaw allows an attacker to craft URLs, which depending on how the URL filter checking is used on the application side, lead to Server Side Request...

5.3CVSS2.4AI score0.01945EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2021/07/01 5:22 p.m.59 views

CVE-2021-34824

A flaw was found in istio. Any client authorized to access Istio XDS API can retrieve any cached gateway TLS certificate and private keys. The highest threat from this vulnerability is to data confidentiality. Mitigation This vulnerability can be mitigated by disabling istiod caching. This is...

9.1CVSS2.2AI score0.01972EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/06/28 9:49 p.m.59 views

CVE-2021-25321

A UNIX Symbolic Link Symlink Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon th...

7.8CVSS3.7AI score0.00441EPSS
Exploits1References3
Total number of security vulnerabilities5000